We are currently using Google App Engine to evaluate solutions to Python problems submitted by students. We have moved all of the untrusted code execution off to a separate GAE application that doesn't use the datastore. Everything seems to be working fine for the 50+ problems we have uploaded, but I'm curious what security holes remain that industrious students will find. How should we further protect this code from the untrusted code it execs in GAE?
import doctest

# The solution and doctest are untrusted code passed in to the GAE app.
solution = 'b=5'
# Named doctest_src so it does not shadow the doctest module used below.
doctest_src = '>>> b \n 5'

# Compile and exec the untrusted solution provided by the user.
compiled = compile(solution, 'submitted code', 'exec')
sandbox = {}
exec(compiled, sandbox)  # tuple form runs under both Python 2 and 3

# Compile and exec each of the doctests
test_cases = doctest.DocTestParser().get_examples(doctest_src)
for test in test_cases:
    if not test.want:
        # Examples with no expected output are just executed; the comparison
        # of examples that do have expected output is not shown here.
        exec(test.source, sandbox)
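One concrete weakness in the harness above is that `exec` into a bare `{}` makes CPython insert the full builtins module into that namespace, so `open`, `__import__` and friends are reachable from the submission. The following Python 3 harness is an added example written for this answer (it is not the poster's code and not an App Engine API): it checks the submission statically with `ast`, runs it with an explicit allow-list of builtins, and lets `doctest.DocTestRunner` do the output comparison. The sample `SOLUTION` and `DOCTEST_SRC` are constructed inputs. Note that restricting builtins inside one interpreter is defense in depth, not a security boundary; CPU, memory and wall-clock limits and the process isolation you already get from the separate GAE app are what actually contain hostile code.

```python
import ast
import builtins
import doctest

# Sample submission and doctest, constructed for this example (not the post's own data).
SOLUTION = "b = 5\ndef double(x):\n    return x * 2\n"
DOCTEST_SRC = ">>> b\n5\n>>> double(b)\n10\n"

# Allow-list of builtins exposed to student code. Anything absent (open, __import__,
# eval, getattr, ...) raises NameError inside the sandbox instead of being reachable.
SAFE_BUILTIN_NAMES = (
    "abs", "all", "any", "bool", "dict", "enumerate", "float", "int", "len",
    "list", "max", "min", "print", "range", "reversed", "set", "sorted", "str",
    "sum", "tuple", "zip", "Exception", "ValueError", "TypeError", "ZeroDivisionError",
)
SAFE_BUILTINS = {name: getattr(builtins, name) for name in SAFE_BUILTIN_NAMES}

# Names a solution has no business touching, rejected before anything runs.
FORBIDDEN_NAMES = frozenset({
    "__import__", "eval", "exec", "compile", "open", "globals", "locals", "vars",
    "getattr", "setattr", "delattr", "breakpoint", "input", "__builtins__",
})


def check_source(src, filename="submitted code"):
    """Statically inspect untrusted source and return a list of policy violations.

    Cheap, and gives the student a clear message; it complements (not replaces)
    the restricted builtins applied at run time.
    """
    try:
        tree = ast.parse(src, filename, "exec")
    except SyntaxError as exc:
        return ["%s: syntax error: %s" % (filename, exc.msg)]
    problems = []
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            problems.append("line %d: import statements are not allowed" % node.lineno)
        elif isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            problems.append("line %d: dunder attribute %r is not allowed" % (node.lineno, node.attr))
        elif isinstance(node, ast.Name) and (node.id in FORBIDDEN_NAMES or node.id.startswith("__")):
            problems.append("line %d: name %r is not allowed" % (node.lineno, node.id))
    return problems


def make_sandbox():
    """Fresh globals for one submission, with __builtins__ set explicitly."""
    return {"__builtins__": dict(SAFE_BUILTINS), "__name__": "submission"}


def namespace_exposes(namespace, name):
    """Report whether code exec'd into `namespace` can resolve builtin `name`."""
    try:
        exec("_probe = %s" % name, namespace)
        return True
    except NameError:
        return False


def run_submission(solution, doctest_src):
    """Run a student's solution against the instructor's doctest inside the sandbox.

    Returns a dict with static-check problems, doctest counts and doctest's own
    failure reports. Nothing is executed if a static check fails.
    """
    examples = doctest.DocTestParser().get_examples(doctest_src, "doctest")
    problems = check_source(solution)
    for ex in examples:
        problems += check_source(ex.source, "doctest line %d" % (ex.lineno + 1))
    if problems:
        return {"ok": False, "problems": problems, "failed": 0, "attempted": 0, "reports": []}

    sandbox = make_sandbox()
    try:
        exec(compile(solution, "submitted code", "exec"), sandbox)
    except Exception as exc:  # untrusted code raising is normal; report, don't crash the grader
        msg = "solution raised %s: %s" % (type(exc).__name__, exc)
        return {"ok": False, "problems": [msg], "failed": 0, "attempted": 0, "reports": []}

    # Let doctest do the compare: examples without expected output are simply
    # executed, the rest are checked against their `want` text.
    test = doctest.DocTest(examples, sandbox, "submission", "doctest", 0, doctest_src)
    reports = []
    runner = doctest.DocTestRunner(verbose=False)
    result = runner.run(test, out=reports.append, clear_globs=False)
    return {"ok": result.failed == 0, "problems": [], "failed": result.failed,
            "attempted": result.attempted, "reports": reports}


if __name__ == "__main__":
    print("bare {} exposes open():", namespace_exposes({}, "open"))
    print("sandbox exposes open():", namespace_exposes(make_sandbox(), "open"))
    print(run_submission(SOLUTION, DOCTEST_SRC))
```

`namespace_exposes({}, "open")` returns True and `namespace_exposes(make_sandbox(), "open")` returns False, which is the difference between the original harness and this one. The static pass also covers the doctest text itself, since in your design that string is untrusted too.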